GDPR
PEN International adheres strictly to the Data Protection Act (DPA). We are now working towards full adherence to the new General Data Protection Regulation (GDPR) which came into force on 25 May 2018. The GDPR will replace the current DPA governing the processing of personal data by companies.
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). The GDPR affects all organisations that use and process personal information, including outside the EU. PEN is working hard to ensure that it is fully compliant to the new changes and will be documenting the progress along the way through our GDPR statement.
A lot of the concepts and principles will remain the same as those stated in the Data Protection Act, but with more emphasis on accountability and how businesses are demonstrating compliance. GDPR still applies to ‘personal data’ but there is a lot more detail included. An example of your personal data would be the IP address of a device which indicates the location of the device.
The GDPR applies to both electronic systems storing and holding personal data, and to manual filing systems where personal data is accessible. This is wider than the scope of the Data Protection Act, and includes chronologically ordered sets of manual records containing personal data collected through informed consent on both paper and digital forms
Among others, PEN International will need to be able to prove that we have permission from individuals who live in the EU to send them communications by email and text message. Under the GDPR, organisations are allowed to contact individuals by post without asking for their consent.
The GDPR refers to sensitive data as "special categories" of personal data. These special categories mirror those included in the DPA with some minor changes: they specifically include data used to identify such as genetic and biometric data.
Unlike the DPA, which governs the processing only, the GDPR applies to both controllers and processors of data. The definitions mostly remain the same with the controller saying how and why data is used, and the processor acting on behalf of the controller.
At times PEN International acts as both the controller and the processor. Where we are the controller, we will document who is the processor and where we are the processor, we will document who is the controller.
Our software, a shared-drive containing PEN International's data, is risk managed through the use of strong passwords that are changed periodically, permission groups and document control such as password and access protection.
All our employees are required to complete online data protection training designed to promote acceptable use. This is reviewed annually or when any changes to relevant legislation are made.
In order to achieve full compliance, we have:
Set up a steering group and engaged a specialist consultant under the direction of the Board;
Commenced a programme of data audits;
Started to document fully how and why personal and sensitive data is used within the organisation;
Undertaken a review of policies and procedures;
Undertaken a review of staff training;
Undertaken a review of software requirements.
Emmanuel Asamoah (Finance, HR & Admin Director) and Pavlo Bilyk (Interim Data Officer) have been designated to take responsibility for the management of compliance, security breaches and data updates respectively.
Emmanuel.Asamoah@pen-international.org
Pavlo.Bilyk@Pen-international.org
Privacy Policy
At PEN International we are committed to safeguarding and preserving the privacy of our website visitors, as well as that of our members and activists. The following statement describes how PEN International collects and uses information about people who visit our website.
In this policy, “PEN International” refers to PEN staff, board members, volunteers, and consultants, all of whom are bound by law or contract to keep confidential information they receive as part of their work at PEN International.
Information We Collect
In running and maintaining our website we may collect and process the following data about you:
i. Information about your use of our site, including details of your visits such as pages viewed and the resources that you access, as well as traffic data, location data and other communication data. ii. Information provided voluntarily by you. For example, when you subscribe to our newsletter or make a purchase through our website. iii. Information that you provide when you communicate with us by any means.
Use of Cookies
Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website.
We may gather information about your general internet use by using cookies. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. You can activate the reject cookies setting on your computer to decline any cookies if you wish.
Social Media
This website contains buttons and content from social media platforms such as Facebook, Twitter, Instagram and YouTube. These social media sites may use their own cookies. For more information, please visit the respective website for these platforms.
Use of Your Information
We use the information that we collect from you to further the mission of PEN in defending freedom of expression and promoting literature.
In addition to this we may use the information for one or more of the following purposes:
i. To provide information that you request from us about our work.. ii. To provide information relating to other products that may be of interest to you. Such additional information will only be provided where you have consented to receive such information. iii. To inform you of any changes to our website, services or goods and products. iv. Member and Donor information: We use member and donor information to process and manage your membership or contribution. If you opt in, we will use your email address to send you updates and alerts about our work. v. Other activities: We may run surveys, contests or similar activities through this site. Such information will be used for the purposes it was collected.
Newsletters
We send regular newsletters that keep users up to date with our work, cases, events, and more. If you would like to subscribe, we will require your email address. You will have the option of providing further information such as your name and location so that we can personalise communications with you.
Storing Your Personal Data
In operating our website, it may become necessary to transfer data that we collect from you to locations outside of the European Union for processing and storing. By providing your personal data to us, you agree to this transfer, storing or processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is stored securely.
Unfortunately, the transfer of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically. Sending such information is entirely at your own risk.
Disclosing Your Information
We will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:
i. Where we are legally required by law to disclose your personal information. ii. To further fraud protection and reduce the risk of fraud.
Third Party Links
On occasion we include links to third parties on this website. Where we provide a link it does not mean that we endorse or approve that site's policy towards visitor privacy. You should review their privacy policy before sending them any personal data.
Access to Information
In accordance with the Data Protection Act 1998, you have the right to access any information that we hold relating to you. Please note that we reserve the right to charge a fee of £10 to cover costs incurred by us in providing you with the information.
Updating or Removing Your Information
You may choose to correct, update, or delete the membership information you have submitted to us by sending an email to info@pen-international.org.
Changes to our policies
PEN International’s Privacy Policy may change from time to time. However, any revised privacy policy will be consistent with PEN International’s values and mission.
Contacting Us
Please do not hesitate to contact us regarding any matter relating to this Privacy Policy at info@pen-international.org